
860 matches found

IBM Security Bulletins
added 2026/06/11 9:25 p.m., 3 views

Security Bulletin: An Improper Privilege Management vulnerability may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2026-3621).

Summary: An Improper Privilege Management vulnerability may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2026-3621). IBM WebSphere Liberty has been updated within IBM CICS TX Advanced to address this vulnerability. Vulnerability Details: CVEID: CVE-2026-3621 DESCRIPTION:...

CVSS 7.5, AI score 5.4, EPSS 0.0022
Exploits 0, Affected Software 1
RedhatCVE
added 2026/06/05 7:39 p.m., 7 views

CVE-2026-7778

An issue that could allow a dashboard configuration to be viewed from outside of the authorized organization scope has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 5.0, Medium. This...

CVSS 5, AI score 5.3, EPSS 0.00168
Exploits 0, References 1
Snyk
added 2026/06/01 5:10 a.m., 6 views

Improper Privilege Management

Overview: Affected versions of this package are vulnerable to Improper Privilege Management in the handleSave function of the RoleAdmin Gateway component in the ttsconfig.go file. An attacker can gain unauthorized access to privileged operations by exploiting improper privilege management through...

CVSS 6.5, AI score 6.6, EPSS 0.00209
Exploits 0, References 2
EUVD
added 2026/05/22 10:4 p.m., 7 views

EUVD-2026-31521

Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network...

CVSS 7.5, AI score 5.8, EPSS 0.00735
Exploits 0, References 1
Snyk
added 2026/05/22 9:41 p.m., 8 views

Improper Privilege Management

Overview: Affected versions of this package are vulnerable to Improper Privilege Management in PATCH /api/v3/core/users/pk/. An attacker can gain elevated privileges by assigning arbitrary groups, including those with administrator-equivalent permissions, to users they control or have access to,...

CVSS 8.1, AI score 5.9, EPSS 0.00464
Exploits 0, References 2
Microsoft CVE
added 2026/05/21 2:0 p.m., 14 views

Microsoft Global Secure Access (GSA) Information Disclosure Vulnerability

Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network...

CVSS 7.5, AI score 5.8, EPSS 0.00735
Exploits 0
Snyk
added 2026/05/18 5:42 p.m., 6 views

Improper Privilege Management

Overview: @budibase/frontend-core is a Budibase frontend core libraries used in builder and client. Affected versions of this package are vulnerable to Improper Privilege Management through the onboardUsers function. An attacker can gain unauthorized administrative privileges by sending crafted...

CVSS 8.8, AI score 5.8, EPSS 0.00261
Exploits 0, References 2
Snyk
added 2026/05/18 5:42 p.m., 9 views

Improper Privilege Management

Overview @budibase/builder is a npm install Affected versions of this package are vulnerable to Improper Privilege Management through the onboardUsers function. An attacker can gain unauthorized administrative privileges by sending crafted requests to the affected endpoint, allowing the creation ...

CVSS 8.8, AI score 5.8, EPSS 0.00261
Exploits 0, References 2
Amd
added 2026/05/12 12:0 a.m., 8 views

AMD Device Management Portal Key Download

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2025-62619| Missing authentication in the KVM key download endpoint could allow an unauthenticated attacker with knowledge of the exposed URL to retrieve sensitive keys, potentially leading to...

CVSS 6.3, AI score 5.8, EPSS 0.00321
Exploits 0
ATTACKERKB
added 2026/05/11 9:39 a.m., 4 views

CVE-2026-26946

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege management vulnerability in the OS. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges...

CVSS 6.7, AI score 5.8, EPSS 0.00104
Exploits 0, References 2
Microsoft CVE
added 2026/05/07 2:0 p.m., 8 views

Microsoft Dynamics 365 Customer Insights Elevation of Privilege Vulnerability

Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network...

CVSS 9.9, AI score 5.8, EPSS 0.00659
Exploits 0
EUVD
added 2026/05/05 3:31 p.m., 6 views

EUVD-2026-27331

An issue that could allow a dashboard configuration to be viewed from outside of the authorized organization scope has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 5.0, Medium. This...

CVSS 5, AI score 5.7, EPSS 0.00168
Exploits 0, References 3
Vulnrichment
added 2026/05/05 1:44 p.m., 8 views

CVE-2026-7778 runZero Platform dashboard configuration exposure

An issue that could allow a dashboard configuration to be viewed from outside of the authorized organization scope has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 5.0, Medium. This...

CVSS 5, AI score 5.7, EPSS 0.00168
Exploits 0, References 2
ATTACKERKB
added 2026/05/05 1:44 p.m., 5 views

CVE-2026-7778

An issue that could allow a dashboard configuration to be viewed from outside of the authorized organization scope has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 5.0, Medium. This...

CVSS 5, AI score 5.7, EPSS 0.00168
Exploits 0, References 3
EUVD
added 2026/05/05 12:30 a.m., 23 views

EUVD-2026-27149

Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin authenticated user to place arbitrary files into arbitrary locations bypassing file system permission protections, leadi...

CVSS 8.5, AI score 5.9, EPSS 0.00122
Exploits 0, References 2
CVE
added 2026/04/29 2:18 p.m., 6 views

CVE-2026-5141

CVE-2026-5141 affects Pardus Software Center (before 1.0.3). The issue is due to improper privilege management and access control, enabling hijacking of a privileged process. The connected sources confirm the affected product and version range, but do not provide a remediation or patch details. N...

CVSS 8.8, AI score 5.2, EPSS 0.00228
Exploits 0, References 2
CVE
added 2026/04/16 8:30 a.m., 17 views

CVE-2026-23772

CVE-2026-23772 affects Dell Storage Manager – Replay Manager for Microsoft Servers, version 8.0. The vulnerability is described as an Improper Privilege Management that could enable Elevation of Privileges by a low-privileged attacker with local access. The CVSS‑3.1 base score is 7.3 (HIGH). Dell...

CVSS 7.3, AI score 5.8, EPSS 0.00122
Exploits 0, References 1
Positive Technologies
added 2026/04/14 12:0 a.m., 4 views

PT-2026-32840

Name of the Vulnerable Software and Affected Versions: Microsoft Windows, affected versions not specified. Description: Improper privilege management in the Telemetry Service allows an authorized attacker to cause a local denial of service, which affects the system. Recommendations: At the moment, the...

CVSS 5.5, AI score 6.2, EPSS 0.00357
Exploits 0, References 6
Snyk
added 2026/04/10 3:33 p.m., 4 views

Improper Privilege Management

Overview: Affected versions of this package are vulnerable to Improper Privilege Management in the parentprojectid update process. An attacker can gain unauthorized administrative privileges by moving a project under a project they own, allowing them to delete the project, manage sharing settings,...

CVSS 8.7, AI score 5.8, EPSS 0.00284
Exploits 1, References 2
Snyk
added 2026/04/10 3:33 p.m., 3 views

Improper Privilege Management

Overview: Affected versions of this package are vulnerable to Improper Privilege Management in the parentprojectid update process. An attacker can gain unauthorized administrative privileges by moving a project under a project they own, allowing them to delete the project, manage sharing settings,...

CVSS 8.7, AI score 5.8, EPSS 0.00284
Exploits 1, References 2